Cyber Resilience

CVE-2026-7279

High

Published: 28 April 2026

Published
28 April 2026
Modified
28 April 2026
KEV Added
Patch
CVSS Score v4 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0011 1.8th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-7279 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Org (inferred from references). Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL (T1574.001); ranked at the 1.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-14 (Signed Components).

Deeper analysis

CVE-2026-7279 is a DLL hijacking vulnerability (CWE-427) in AVACAST, software developed by eMPIA Technology. Published on 2026-04-28, it enables authenticated local attackers to place a malicious DLL in a specific directory, which the software then loads, resulting in arbitrary code execution with system privileges. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact with low complexity and requiring only local access and low privileges.

Local authenticated users can exploit this vulnerability by dropping a malicious DLL into the targeted directory that AVACAST searches during its execution. Upon loading the DLL, the attacker achieves arbitrary code execution at system privilege level, potentially allowing full control over the affected system, including data theft, persistence, or further lateral movement.

Advisories from TWCERT/CC provide details on mitigation, available at https://www.twcert.org.tw/en/cp-139-10885-02d83-2.html and https://www.twcert.org.tw/tw/cp-132-10884-f9c21-1.html.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

AVACAST developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a malicious DLL in a specific directory, resulting in arbitrary code execution with system privileges when the system loads the DLL.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1574.001 DLL Stealth
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The CVE describes a DLL hijacking vulnerability (CWE-427) allowing local authenticated attackers to place a malicious DLL in a searched directory for arbitrary code execution with system privileges, directly mapping to DLL Search Order Hijacking (T1038) and enabling Exploitation for Privilege Escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-9495Shared CWE-427
CVE-2026-24502Shared CWE-427
CVE-2025-69784Shared CWE-427
CVE-2024-9492Shared CWE-427
CVE-2024-55898Shared CWE-427
CVE-2024-10930Shared CWE-427
CVE-2024-9494Shared CWE-427
CVE-2025-65118Shared CWE-427
CVE-2024-55540Shared CWE-427
CVE-2026-3775Shared CWE-427

Affected Assets

Org
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the DLL hijacking flaw in AVACAST through timely identification, reporting, and application of vendor patches or updates.

prevent

Requires digital signature verification of software components like DLLs prior to installation or execution, blocking malicious unsigned or tampered DLLs from loading.

prevent

Enforces least privilege to restrict low-privileged authenticated users from writing to the specific directory where AVACAST searches for and loads DLLs.

References